We’ve published multiple comparisons of secure messaging apps with end-to-end encryption, shared recommended settings, and described the respective flaws of these apps. But what about folks who want secure messengers but who aren’t exactly tech-savvy? This blogpost is just for them – based as it is on an extensive study and published report entitled What Is Secure? by a group of experts from the agencies Tech Policy Press and Convocation Research and Design.
The report contains recommendations for both users and developers. But since not everyone will read through all the 86 pages of text, we summarize the paper’s main conclusions below.
Object of study
The researchers interviewed user groups in Louisiana in the United States, and Delhi, India, to determine the strongest and weakest points of current messaging apps. The following popular apps were examined:
- Apple iMessage
- Meta (Facebook) Messenger
- Messages by Google
- Signal
- Telegram
The study focused on the way humans respond to in-app tips, and the way they understand the meaning of each feature. More importantly, the respondents were asked about any specific fears, and in what ways they think secure messaging apps are or could be useful in their lives. Some of the interviewees said they are worried about potential physical violence, such as domestic violence, in connection with messaging, while others fear persecution by the authorities. This had a major effect on their perception of “secure”.
Key finding
End-to-end encryption is only one aspect of security. Encrypted messaging won’t solve every problem a threatened user is having. Therefore, one needs to think through a strategy against motivated adversaries. Is there a risk of your phone being seized? A risk of you being forced to unlock it? Are you afraid that someone may try to obtain your data from the company that owns the app using litigation or a legal order? Or infect your phone with spyware? Would it be easier for the bad guys to try and extract that data from the person you’re chatting with? For many, the answer to each of the above is no, so an encrypted messaging app provides sufficient security in and of itself. And even if your answer is yes, that’s no reason to give up encryption and secure messaging: they just need to be one layer of your defenses.
As further tips, the researchers recommend that the above vulnerable user groups take several technical steps (more on those below) but, most importantly, not to carry their phones in places where they could be physically seized or forcibly unlocked. They suggest getting a second phone for such dangerous places, and keeping the main device with a person they can trust.
General tips on secure messaging
The biggest secrets are best delivered face-to-face. No method of digital communication is completely secure. Therefore, the riskiest information – especially if posing a threat to health or even life – should be discussed in person, not in a chat.
Don’t make decisions blindly. Users make conscious efforts to protect their privacy, but they often rely on popular opinion about security – not verified sources. Few read documents that accompany messaging apps: terms of use, or transparency and government data sharing reports. Research carefully what your messaging service actually stores and where, and with whom it shares data and has shared in the past. That information can be found in transparency reports and in the press.
Carefully review the app settings. Make sense of each setting and turn on all the securest options. Bear in mind that parts of the privacy settings may be spread across the phone’s general settings (especially true for iMessage in iOS, and Messages by Google in Android) or sections of the app settings (typical of Telegram).
Avoid hybrid modes. Several messaging apps support both encrypted and unencrypted messaging. In iMessage and Messages by Google, you can send open texts and encrypted messages in the same chat; however, this is a bad idea since these message types are always confused. Both Messenger and Telegram have separate encrypted and unencrypted chats, with the unencrypted mode used by default. The paper recommends using messaging apps based on full encryption: Signal or WhatsApp.
The more features – the higher the risk. Extra features, such as stories, bots or links to social networking services, provide extra surveillance and data-leak channels. It’s best to turn off these kinds of features or avoid using the app altogether.
Disable link previews, geolocation sharing, and GIFs. These features do come in handy sometimes, but they can be used to track you down by various parties, including linked websites. Another potential leak channel is finding and sharing GIFs in chats.
Messaging apps that work without a phone number are helpful. These include, to a certain extent, Telegram, Messenger and iMessage, although it does take some effort to configure each of them to use your internal username or e-mail as your identifier when chatting. According to the report, WhatsApp and Signal are planning to add a feature like this too.
Use disappearing messages. The most squeamish among us can enable chats to be deleted automatically after a short period of time, such as one minute. Unfortunately, not every messaging app has options like these, and in some of them, the shortest visibility period is 24 hours. Disappearing messages do little to protect you from screenshots or other ways that chats can be saved. Auto-deleting messages is helpful if you expect that strangers will be poking around in your phone shortly.
Encrypt chat backups. Default cloud backups are a frequent leak channel, so it’s imperative that they’re encrypted (something that needs to be enabled manually in both WhatsApp and iMessage), saved locally (for example, on an SD card if using an Android phone), or turned off altogether. Any local backups should be encrypted as well.
Compare encryption keys with the people you chat with. This procedure is called Сontact Key Verification (in iMessage), Safety Numbers (in Signal), Security Code (in WhatsApp), and Encryption key (in Telegram), and it helps make sure that you’re chatting with the right person – using the right device. Encryption keys can be verified for each chat by comparing codes or meeting face-to-face.
Protect yourself against account hijacking by turning on two-factor authentication. This feature comes under a variety of names, such as Two-Step Verification, Registration PIN, or something else, but the essence remains the same: logging in to the same account on a new device requires an extra verification step.
Train the people you chat with. This is critical for groups that chat about sensitive subjects. This requires that the members all share and observe the following ethics and security rules:
- No forwarding of confidential information
- No screenshots or other copies of the information in the chat
- Supporting a culture of privacy within the community
- Using the app settings wisely
- Disabling potentially risky chat features
What’s the securest messaging app?
Signal is the clear leader in the study, but the requirement to expose your phone number makes the situation somewhat complicated. The table below contains a comparison of the key messaging-app security features, with the safest option in each row highlighted in green.
Apple iMessage | Meta (FB) Messenger | Google Messages | Signal | Telegram | ||
End-to-end encryption in one-to-one chats | In certain cases* | Special type of chat | In certain cases* | Always | Secret chats only | Always |
End-to-end encryption in group chats | In certain cases* | Special type of group | In certain cases* | Always | Never | Always |
Verified encryption protocol | No | Yes | Yes | Yes | No | Yes |
Encrypted backups | Yes, optional | No backups | No | Yes, on by default | No backups | Yes, optional |
Manual comparison of encryption keys | Yes | Yes | No | Yes | Yes | Yes |
Phone number-free registration | Yes | Yes (complicated) | No | No | No | No |
Hiding phone number from contacts | Yes | Yes | No | No | Yes | No |
Links with other services or accounts in these | Yes | Yes | No | No | No | Yes |
Hiding metadata** | Partial | Partial | Partial | Yes | Partial | Partial |
Storing metadata** | Yes | Yes | Yes | No | Yes | Yes |
Self-destructing messages | No | Five seconds or longer | No | One second or longer | One second or longer | 24 hours or longer and one-time viewing |
Disabling link previews | No | No | No | Yes | Secret chats only | No |
Blocking screenshots | No | No | No | Yes | Secret chats only | No |
Screenshot alert | No | Yes | No | No | No | No |
* Available as long as all parties are using the same platform (iOS or Android) and the appropriate app settings. | ||||||
** Confidentiality settings to avoid showing to other users the following metadata partially or in full: the user’s photo, the user’s other contacts, chat and group memberships, IP address, and chat times. | ||||||
The table is based on the data of the report What Is Secure? |